/* $KAME: faithd.c,v 1.67 2003/10/16 05:26:21 itojun Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * User level translator from IPv6 to IPv4. * * Usage: faithd [ ...] * e.g. faithd telnet /usr/libexec/telnetd telnetd */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #ifdef HAVE_POLL_H #include #endif #include #include #include #include #include #include #include #include #include #include #include #ifdef IFT_FAITH # define USE_ROUTE # include # include # include #endif #include #include #include #include #include "faithd.h" #include "prefix.h" char *serverpath = NULL; char *serverarg[MAXARGV + 1]; static char *faithdname = NULL; char logname[BUFSIZ]; char procname[BUFSIZ]; struct myaddrs { struct myaddrs *next; struct sockaddr *addr; }; struct myaddrs *myaddrs = NULL; static const char *service; #ifdef USE_ROUTE static int sockfd = 0; #endif int dflag = 0; static int pflag = 0; static int inetd = 0; static char *configfile = NULL; int main(int, char **); static int inetd_main(int, char **); static int daemon_main(int, char **); static void play_service(int); static void play_child(int, struct sockaddr *); static int faith_prefix(struct sockaddr *); static int map6to4(struct sockaddr_in6 *, struct sockaddr_in *); static void sig_child(int); static void sig_terminate(int); static void start_daemon(void); static void exit_stderr(const char *, ...) __attribute__((__format__(__printf__, 1, 2))); static void grab_myaddrs(void); static void free_myaddrs(void); static void update_myaddrs(void); static void usage(void); int main(int argc, char **argv) { /* * Initializing stuff */ faithdname = strrchr(argv[0], '/'); if (faithdname) faithdname++; else faithdname = argv[0]; if (strcmp(faithdname, "faithd") != 0) { inetd = 1; return inetd_main(argc, argv); } else return daemon_main(argc, argv); } static int inetd_main(int argc, char **argv) { char path[MAXPATHLEN]; struct sockaddr_storage me; struct sockaddr_storage from; socklen_t melen, fromlen; int i; int error; const int on = 1; char sbuf[NI_MAXSERV], snum[NI_MAXSERV]; if (config_load(configfile) < 0 && configfile) { exit_failure("could not load config file"); /*NOTREACHED*/ } if (strrchr(argv[0], '/') == NULL) snprintf(path, sizeof(path), "%s/%s", DEFAULT_DIR, argv[0]); else snprintf(path, sizeof(path), "%s", argv[0]); #ifdef USE_ROUTE grab_myaddrs(); sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC); if (sockfd < 0) { exit_failure("socket(PF_ROUTE): %s", strerror(errno)); /*NOTREACHED*/ } #endif melen = sizeof(me); if (getsockname(STDIN_FILENO, (struct sockaddr *)&me, &melen) < 0) { exit_failure("getsockname: %s", strerror(errno)); /*NOTREACHED*/ } fromlen = sizeof(from); if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) { exit_failure("getpeername: %s", strerror(errno)); /*NOTREACHED*/ } if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, sbuf, sizeof(sbuf), NI_NUMERICHOST) == 0) service = sbuf; else service = DEFAULT_PORT_NAME; if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, snum, sizeof(snum), NI_NUMERICHOST) != 0) snprintf(snum, sizeof(snum), "?"); snprintf(logname, sizeof(logname), "faithd %s", snum); snprintf(procname, sizeof(procname), "accepting port %s", snum); openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); if (argc >= MAXARGV) { exit_failure("too many arguments"); /*NOTREACHED*/ } serverarg[0] = serverpath = path; for (i = 1; i < argc; i++) serverarg[i] = argv[i]; serverarg[i] = NULL; error = setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on)); if (error < 0) { exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno)); /*NOTREACHED*/ } play_child(STDIN_FILENO, (struct sockaddr *)&from); exit_failure("should not reach here"); return 0; /*dummy!*/ } static int daemon_main(int argc, char **argv) { struct addrinfo hints, *res; int s_wld, error, i, serverargc, on = 1; int family = AF_INET6; int c; while ((c = getopt(argc, argv, "df:p")) != -1) { switch (c) { case 'd': dflag++; break; case 'f': configfile = optarg; break; case 'p': pflag++; break; default: usage(); /*NOTREACHED*/ } } argc -= optind; argv += optind; if (config_load(configfile) < 0 && configfile) { exit_failure("could not load config file"); /*NOTREACHED*/ } #ifdef USE_ROUTE grab_myaddrs(); #endif switch (argc) { case 0: usage(); /*NOTREACHED*/ default: serverargc = argc - NUMARG; if (serverargc >= MAXARGV) exit_stderr("too many arguments"); serverpath = strdup(argv[NUMPRG]); if (!serverpath) exit_stderr("not enough core"); for (i = 0; i < serverargc; i++) { serverarg[i] = strdup(argv[i + NUMARG]); if (!serverarg[i]) exit_stderr("not enough core"); } serverarg[i] = NULL; /* fall throuth */ case 1: /* no local service */ service = argv[NUMPRT]; break; } start_daemon(); /* * Opening wild card socket for this service. */ memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE; hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = IPPROTO_TCP; /* SCTP? */ error = getaddrinfo(NULL, service, &hints, &res); if (error) exit_failure("getaddrinfo: %s", gai_strerror(error)); s_wld = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s_wld == -1) exit_failure("socket: %s", strerror(errno)); #ifdef IPV6_FAITH if (res->ai_family == AF_INET6) { error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_FAITH, &on, sizeof(on)); if (error == -1) exit_failure("setsockopt(IPV6_FAITH): %s", strerror(errno)); } #endif error = setsockopt(s_wld, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); if (error == -1) exit_failure("setsockopt(SO_REUSEADDR): %s", strerror(errno)); error = setsockopt(s_wld, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on)); if (error == -1) exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno)); #ifdef IPV6_V6ONLY error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)); if (error == -1) exit_failure("setsockopt(IPV6_V6ONLY): %s", strerror(errno)); #endif error = bind(s_wld, (struct sockaddr *)res->ai_addr, res->ai_addrlen); if (error == -1) exit_failure("bind: %s", strerror(errno)); error = listen(s_wld, 5); if (error == -1) exit_failure("listen: %s", strerror(errno)); #ifdef USE_ROUTE sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC); if (sockfd < 0) { exit_failure("socket(PF_ROUTE): %s", strerror(errno)); /*NOTREACHED*/ } #endif /* * Everything is OK. */ snprintf(logname, sizeof(logname), "faithd %s", service); snprintf(procname, sizeof(procname), "accepting port %s", service); openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); syslog(LOG_INFO, "Starting faith daemon for %s port", service); play_service(s_wld); /* NOTREACHED */ exit(1); /*pacify gcc*/ } static void play_service(int s_wld) { struct sockaddr_storage srcaddr; socklen_t len; int s_src; pid_t child_pid; #ifdef HAVE_POLL_H struct pollfd pfd[2]; #else fd_set rfds; int maxfd; #endif int error; /* * Wait, accept, fork, faith.... */ again: setproctitle("%s", procname); #ifdef HAVE_POLL_H pfd[0].fd = s_wld; pfd[0].events = POLLIN; pfd[1].fd = -1; pfd[1].revents = 0; #else FD_ZERO(&rfds); if (s_wld >= FD_SETSIZE) exit_failure("descriptor too big"); FD_SET(s_wld, &rfds); maxfd = s_wld; #endif #ifdef USE_ROUTE if (sockfd) { #ifdef HAVE_POLL_H pfd[1].fd = sockfd; pfd[1].events = POLLIN; #else if (sockfd >= FD_SETSIZE) exit_failure("descriptor too big"); FD_SET(sockfd, &rfds); maxfd = (maxfd < sockfd) ? sockfd : maxfd; #endif } #endif #ifdef HAVE_POLL_H error = poll(pfd, sizeof(pfd)/sizeof(pfd[0]), INFTIM); #else error = select(maxfd + 1, &rfds, NULL, NULL, NULL); #endif if (error < 0) { if (errno == EINTR) goto again; exit_failure("select: %s", strerror(errno)); /*NOTREACHED*/ } #ifdef USE_ROUTE #ifdef HAVE_POLL_H if (pfd[1].revents & POLLIN) #else if (FD_ISSET(sockfd, &rfds)) #endif { update_myaddrs(); } #endif #ifdef HAVE_POLL_H if (pfd[0].revents & POLLIN) #else if (FD_ISSET(s_wld, &rfds)) #endif { len = sizeof(srcaddr); s_src = accept(s_wld, (struct sockaddr *)&srcaddr, &len); if (s_src < 0) { if (errno == ECONNABORTED) goto again; exit_failure("socket: %s", strerror(errno)); /*NOTREACHED*/ } if (srcaddr.ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&srcaddr)->sin6_addr)) { close(s_src); syslog(LOG_ERR, "connection from IPv4 mapped address?"); goto again; } child_pid = fork(); if (child_pid == 0) { /* child process */ close(s_wld); closelog(); openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); play_child(s_src, (struct sockaddr *)&srcaddr); exit_failure("should never reach here"); /*NOTREACHED*/ } else { /* parent process */ close(s_src); if (child_pid == -1) syslog(LOG_ERR, "can't fork"); } } goto again; } static void play_child(int s_src, struct sockaddr *srcaddr) { struct sockaddr_storage dstaddr6; struct sockaddr_storage dstaddr4; char src[NI_MAXHOST]; char dst6[NI_MAXHOST]; char dst4[NI_MAXHOST]; socklen_t len = sizeof(dstaddr6); int s_dst, error, hport, nresvport, on = 1; struct timeval tv; struct sockaddr *sa4; const struct config *conf; tv.tv_sec = 1; tv.tv_usec = 0; getnameinfo(srcaddr, srcaddr->sa_len, src, sizeof(src), NULL, 0, NI_NUMERICHOST); syslog(LOG_INFO, "accepted a client from %s", src); error = getsockname(s_src, (struct sockaddr *)&dstaddr6, &len); if (error == -1) { exit_failure("getsockname: %s", strerror(errno)); /*NOTREACHED*/ } getnameinfo((struct sockaddr *)&dstaddr6, len, dst6, sizeof(dst6), NULL, 0, NI_NUMERICHOST); syslog(LOG_INFO, "the client is connecting to %s", dst6); if (!faith_prefix((struct sockaddr *)&dstaddr6)) { if (serverpath) { /* * Local service */ syslog(LOG_INFO, "executing local %s", serverpath); if (!inetd) { dup2(s_src, 0); close(s_src); dup2(0, 1); dup2(0, 2); } execv(serverpath, serverarg); syslog(LOG_ERR, "execv %s: %s", serverpath, strerror(errno)); _exit(EXIT_FAILURE); } else { close(s_src); exit_success("no local service for %s", service); } } /* * Act as a translator */ switch (((struct sockaddr *)&dstaddr6)->sa_family) { case AF_INET6: if (!map6to4((struct sockaddr_in6 *)&dstaddr6, (struct sockaddr_in *)&dstaddr4)) { close(s_src); exit_failure("map6to4 failed"); /*NOTREACHED*/ } syslog(LOG_INFO, "translating from v6 to v4"); break; default: close(s_src); exit_failure("family not supported"); /*NOTREACHED*/ } sa4 = (struct sockaddr *)&dstaddr4; getnameinfo(sa4, sa4->sa_len, dst4, sizeof(dst4), NULL, 0, NI_NUMERICHOST); conf = config_match(srcaddr, sa4); if (!conf || !conf->permit) { close(s_src); if (conf) { exit_failure("translation to %s not permitted for %s", dst4, prefix_string(&conf->match)); /*NOTREACHED*/ } else { exit_failure("translation to %s not permitted", dst4); /*NOTREACHED*/ } } syslog(LOG_INFO, "the translator is connecting to %s", dst4); setproctitle("port %s, %s -> %s", service, src, dst4); if (sa4->sa_family == AF_INET6) hport = ntohs(((struct sockaddr_in6 *)&dstaddr4)->sin6_port); else /* AF_INET */ hport = ntohs(((struct sockaddr_in *)&dstaddr4)->sin_port); if (pflag) s_dst = rresvport_af(&nresvport, sa4->sa_family); else s_dst = socket(sa4->sa_family, SOCK_STREAM, 0); if (s_dst < 0) { exit_failure("socket: %s", strerror(errno)); /*NOTREACHED*/ } if (conf->src.a.ss_family) { if (bind(s_dst, (const struct sockaddr *)&conf->src.a, conf->src.a.ss_len) < 0) { exit_failure("bind: %s", strerror(errno)); /*NOTREACHED*/ } } error = setsockopt(s_dst, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on)); if (error < 0) { exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno)); /*NOTREACHED*/ } error = setsockopt(s_src, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); if (error < 0) { exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno)); /*NOTREACHED*/ } error = setsockopt(s_dst, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); if (error < 0) { exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno)); /*NOTREACHED*/ } error = connect(s_dst, sa4, sa4->sa_len); if (error < 0) { exit_failure("connect: %s", strerror(errno)); /*NOTREACHED*/ } switch (hport) { case FTP_PORT: ftp_relay(s_src, s_dst); break; default: tcp_relay(s_src, s_dst, service); break; } /* NOTREACHED */ } /* 0: non faith, 1: faith */ static int faith_prefix(struct sockaddr *dst) { #ifndef USE_ROUTE int mib[4], size; struct in6_addr faith_prefix; struct sockaddr_in6 *dst6 = (struct sockaddr_in *)dst; if (dst->sa_family != AF_INET6) return 0; mib[0] = CTL_NET; mib[1] = PF_INET6; mib[2] = IPPROTO_IPV6; mib[3] = IPV6CTL_FAITH_PREFIX; size = sizeof(struct in6_addr); if (sysctl(mib, 4, &faith_prefix, &size, NULL, 0) < 0) { exit_failure("sysctl: %s", strerror(errno)); /*NOTREACHED*/ } if (memcmp(dst, &faith_prefix, sizeof(struct in6_addr) - sizeof(struct in_addr) == 0) { return 1; } return 0; #else struct myaddrs *p; struct sockaddr_in6 *sin6; struct sockaddr_in *sin4; struct sockaddr_in6 *dst6; struct sockaddr_in *dst4; struct sockaddr_in dstmap; dst6 = (struct sockaddr_in6 *)dst; if (dst->sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&dst6->sin6_addr)) { /* ugly... */ memset(&dstmap, 0, sizeof(dstmap)); dstmap.sin_family = AF_INET; dstmap.sin_len = sizeof(dstmap); memcpy(&dstmap.sin_addr, &dst6->sin6_addr.s6_addr[12], sizeof(dstmap.sin_addr)); dst = (struct sockaddr *)&dstmap; } dst6 = (struct sockaddr_in6 *)dst; dst4 = (struct sockaddr_in *)dst; for (p = myaddrs; p; p = p->next) { sin6 = (struct sockaddr_in6 *)p->addr; sin4 = (struct sockaddr_in *)p->addr; if (p->addr->sa_len != dst->sa_len || p->addr->sa_family != dst->sa_family) continue; switch (dst->sa_family) { case AF_INET6: if (sin6->sin6_scope_id == dst6->sin6_scope_id && IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &dst6->sin6_addr)) return 0; break; case AF_INET: if (sin4->sin_addr.s_addr == dst4->sin_addr.s_addr) return 0; break; } } return 1; #endif } /* 0: non faith, 1: faith */ static int map6to4(struct sockaddr_in6 *dst6, struct sockaddr_in *dst4) { memset(dst4, 0, sizeof(*dst4)); dst4->sin_len = sizeof(*dst4); dst4->sin_family = AF_INET; dst4->sin_port = dst6->sin6_port; memcpy(&dst4->sin_addr, &dst6->sin6_addr.s6_addr[12], sizeof(dst4->sin_addr)); if (dst4->sin_addr.s_addr == INADDR_ANY || dst4->sin_addr.s_addr == INADDR_BROADCAST || IN_MULTICAST(ntohl(dst4->sin_addr.s_addr))) return 0; return 1; } static void sig_child(int sig __unused) { int status; pid_t pid; while ((pid = wait3(&status, WNOHANG, (struct rusage *)0)) > 0) if (WEXITSTATUS(status)) syslog(LOG_WARNING, "child %ld exit status 0x%x", (long)pid, status); } void sig_terminate(int sig __unused) { syslog(LOG_INFO, "Terminating faith daemon"); exit(EXIT_SUCCESS); } static void start_daemon(void) { #ifdef SA_NOCLDWAIT struct sigaction sa; #endif if (daemon(0, 0) == -1) exit_stderr("daemon: %s", strerror(errno)); #ifdef SA_NOCLDWAIT memset(&sa, 0, sizeof(sa)); sa.sa_handler = sig_child; sa.sa_flags = SA_NOCLDWAIT; sigemptyset(&sa.sa_mask); sigaction(SIGCHLD, &sa, (struct sigaction *)0); #else if (signal(SIGCHLD, sig_child) == SIG_ERR) { exit_failure("signal CHLD: %s", strerror(errno)); /*NOTREACHED*/ } #endif if (signal(SIGTERM, sig_terminate) == SIG_ERR) { exit_failure("signal TERM: %s", strerror(errno)); /*NOTREACHED*/ } } static void exit_stderr(const char *fmt, ...) { va_list ap; char buf[BUFSIZ]; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); fprintf(stderr, "%s\n", buf); exit(EXIT_FAILURE); } void exit_failure(const char *fmt, ...) { va_list ap; char buf[BUFSIZ]; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); syslog(LOG_ERR, "%s", buf); exit(EXIT_FAILURE); } void exit_success(const char *fmt, ...) { va_list ap; char buf[BUFSIZ]; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); syslog(LOG_INFO, "%s", buf); exit(EXIT_SUCCESS); } #ifdef USE_ROUTE static void grab_myaddrs(void) { struct ifaddrs *ifap, *ifa; struct myaddrs *p; struct sockaddr_in6 *sin6; if (getifaddrs(&ifap) != 0) { exit_failure("getifaddrs"); /*NOTREACHED*/ } for (ifa = ifap; ifa; ifa = ifa->ifa_next) { switch (ifa->ifa_addr->sa_family) { case AF_INET: case AF_INET6: break; default: continue; } p = (struct myaddrs *)malloc(sizeof(struct myaddrs) + ifa->ifa_addr->sa_len); if (!p) { exit_failure("not enough core"); /*NOTREACHED*/ } memcpy(p + 1, ifa->ifa_addr, ifa->ifa_addr->sa_len); p->next = myaddrs; p->addr = (struct sockaddr *)(p + 1); #ifdef __KAME__ if (ifa->ifa_addr->sa_family == AF_INET6) { sin6 = (struct sockaddr_in6 *)p->addr; if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) || IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { sin6->sin6_scope_id = ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); sin6->sin6_addr.s6_addr[2] = 0; sin6->sin6_addr.s6_addr[3] = 0; } } #endif myaddrs = p; if (dflag) { char hbuf[NI_MAXHOST]; getnameinfo(p->addr, p->addr->sa_len, hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST); syslog(LOG_INFO, "my interface: %s %s", hbuf, ifa->ifa_name); } } freeifaddrs(ifap); } static void free_myaddrs(void) { struct myaddrs *p, *q; p = myaddrs; while (p) { q = p->next; free(p); p = q; } myaddrs = NULL; } static void update_myaddrs(void) { char msg[BUFSIZ]; int len; struct rt_msghdr *rtm; len = read(sockfd, msg, sizeof(msg)); if (len < 0) { syslog(LOG_ERR, "read(PF_ROUTE) failed"); return; } rtm = (struct rt_msghdr *)msg; if (len < 4 || len < rtm->rtm_msglen) { syslog(LOG_ERR, "read(PF_ROUTE) short read"); return; } if (rtm->rtm_version != RTM_VERSION) { syslog(LOG_ERR, "routing socket version mismatch"); close(sockfd); sockfd = 0; return; } switch (rtm->rtm_type) { case RTM_NEWADDR: case RTM_DELADDR: case RTM_IFINFO: break; default: return; } /* XXX more filters here? */ syslog(LOG_INFO, "update interface address list"); free_myaddrs(); grab_myaddrs(); } #endif /*USE_ROUTE*/ static void usage(void) { fprintf(stderr, "usage: %s [-dp] [-f conf] service [serverpath [serverargs]]\n", faithdname); exit(0); }